Installing Interactively on Windows

This procedure described how to install the HyTrust DataControl Policy Agent by interacting with the installer on the Windows system. For details about installing the Policy Agent silently, see Installing Silently on Windows.

Before You Begin 

  • Make sure you have completed the prerequisites in Windows Installation Prerequisites.
  • Make sure you have the credentials for a Windows user account with Administrator privileges.
  • If you plan to download the Policy Agent installation file on Windows 10 from the Microsoft Edge browser while logged in with the BUILTIN\Administrator account, make sure that User Account Control (UAC) is enabled for the BUILTIN\Administrator account. Alternatively, you can set the integrity level for the installer to high after you have downloaded it. For details, see the Microsoft Windows 10 documentation.

Procedure 

  1. Log into the KeyControl webGUI using an account with Cloud Admin privileges.
  2. Click Cloud.
  3. Click Actions > Download Policy Agent.
  4. Click the Download link associated with the file hcs-client-agent-rel.number-build.number.exe. KeyControl downloads the file to your browser's default download location.
  5. Copy hcs-client-agent-rel.number-build.number.exe to the Windows system that you want to encrypt.
  6. Log into the target Windows system as an Administrator.

  7. Navigate to the directory in which you placed the hcs-client-agent-rel.number-build.number.exe file and run the installer.

  8. On the Welcome page of the HyTrust Setup Wizard, click Next.

  9. On the Choose Install Location page, select the folder in which Policy Agent will be installed.

    Note: You must install Policy Agent in a folder on the C: drive.

  10. In the Choose Components page, review the setting of the HT Bootloader option.

    If you want to encrypt the boot drive on this system now or in the future, make sure this option is selected.

    If you do not need to encrypt the boot drive, make sure this check box is cleared.

    Note: If you do not install the HyTrust Bootloader now, you can do so later if needed. For details, see Installing the Bootloader After the Policy Agent Is Installed.

  11. If the HT Bootloader option is not selected:
    1. Click Install.
    2. On the Completing the HyTrust Setup Wizard page, select Reboot Now and click Finish.
  12. If the HT Bootloader option is selected:
    1. Click Next.
    2. On the Drive and Network Configuration page, select the drive letter and the network that the HyTrust Bootloader should use when connecting to KeyControl. By default, this dialog box shows the current DeviceID (a unique integer) and ConnectionID from WMI class Win32_NetworkAdapter for the selected network interface.
    3. When you are finished, click Install.
    4. If prompted, click Yes to remove any existing Bootloader partitions.
    5. On the Completing the HyTrust Setup Wizard page, select Reboot Now and click Finish.

    6. The machine will reboot several times to finish the installation. After the machine has finished booting, copy the id_rsa key file to another location in case you ever need to access the HyTrust Bootloader Debug Console using SSH.

      Tip: You can download the id_rsa key file using the KeyControl webGUI after the boot drive has been encrypted. To do so, log into the webGUI, click Cloud and go to the VMs tab. Select the appropriate VM, then select Actions > Download Bootloader SSH Key.

What to Do Next 

Register the VM with KeyControl as described in Registering the Policy Agent Using the HyTrust Policy Agent GUI or Registering the Policy Agent from the Windows Command Line.